I cannot emphasise enough the importance of updating your WordPress site regularly as new updates come along. If you don’t your site will not be secure and the chances are that you will get hacked.
You should also ensure that you keep regular backups, the best in the business for this is VaultPress owned by Automatic, the people behind WordPress. You will know that in the event that anything goes wrong your site can be restored. This peace of mind is priceless and definitely worth the £100 or so per year.
You can also install monitoring and protection tools such as WordFence but at the end of the day if a hacker is very determined, they will get in and this plugin will only work if you update regularly.
If you don’t want to do everything yourself, your developer will undoubtedly be able to provide you with a maintenance and support package, which will include backups.
The cost of ongoing ownership for a WordPress site or any other CMS needs to be considered, it is either your time (which I am sure is not free) or your developer’s time. At the end of the day, someone must be responsible for looking after your website.
The hack I saw yesterday had wiped out the entire database, everything was gone and replaced with spam pages and posts. There were no revisions in the database to roll back to, nothing. The site owner had never taken any backups and they were in big trouble. I have seen hackers insert code for adverts and even just take over sites in the name of terrorism but I have never seen anything like this.
So please make sure you keep backups and make sure you update weekly!